
WordPress Multi-Site Security Problems

Seth_Whitworth

We recently migrated many of our WordPress sites over to Plesk. One of those sites is a WordPress Multi-Site. On all of the other sites we have used the Plesk WordPress Tools to "secure" them from the control panel. Doing that on the Multi-Site caused issues accessing images on sub-blogs.

Running the security fixes added some Directory rules to the Apache config file in order to try and secure some directories. In particular it added the following lines:

<Directory /var/www/vhosts/site.com/httpdocs/wp-includes>
<FilesMatch \.php$>
Require all denied
</FilesMatch>
</Directory>

This attempts to block PHP files from running within the wp-includes file.

Since this is an older site, images and other media are displayed through a ModRewrite rule to /wp-includes/ms-files.php?file=$2, which does not work with the above code, causing all media and images to be broken on the site.

For now we have commented out the Directory File, but I am worried that if we update anything on the site it will be overwritten and we will run into the same problem. Anyone run into this problem or have any thoughts on this?

Thanks,
Seth
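
An added example, not part of the original post and not Plesk's own configuration: one way to keep the PHP block on wp-includes while allowing only the media handler the rewrite rule targets. It assumes Apache 2.4 with the default AuthMerging setting; where to place it so that Plesk does not regenerate or override it is not covered by the post.

```apache
# Added example: keep the hardening rule from the post and carve out a single
# exception for the legacy multisite media handler.
<Directory /var/www/vhosts/site.com/httpdocs/wp-includes>
    # Rule from the post: deny direct requests to PHP files in this tree.
    <FilesMatch "\.php$">
        Require all denied
    </FilesMatch>

    # Narrow exception. <Files> and <FilesMatch> sections are merged in the
    # order they appear, so this later section replaces the denial above
    # for this one file name only.
    <Files "ms-files.php">
        Require all granted
    </Files>
</Directory>
```

Check the syntax with `apachectl configtest`, reload, then confirm that a sub-blog image loads while a request for any other PHP file under wp-includes still returns 403. Note that `<Files>` matches on the base file name, so a file called ms-files.php in a subdirectory of wp-includes would also be allowed.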